目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

surrealdb 产品漏洞列表 / CVE 中文分析 26

surrealdb 产品相关 26 条漏洞,AI 中文标题与摘要、CVSS、POC 一站汇总。

本页面汇总了SurrealDB相关的安全漏洞信息,主要关注数据库引擎在认证、授权及数据解析等环节存在的安全缺陷。聚合页收录了近年来公开披露的漏洞记录,涵盖从早期版本暴露的权限绕过风险到近期发现的服务拒绝服务及潜在远程代码执行隐患。读者可通过本页追踪SurrealDB厂商的安全公告动态,深入了解该数据库系统的已知弱点及其修复状态,并快速检索该产品历史版本中涉及的关键漏洞详情,以便及时评估安全风险并实施相应的补丁升级措施。

ベンダー: surrealdb

CVE IDタイトルCVSS深刻度公開日
CVE-2025-71398 SurrealDB before 2.2.2 SSRF via HTTP Redirect Bypass CWE-918--2026-07-18
CVE-2025-71397 SurrealDB before 2.2.2 CPU Exhaustion via nested FOR loops CWE-835--2026-07-18
CVE-2025-71395 SurrealDB before 2.2.2 Memory Exhaustion via string::replace CWE-789--2026-07-18
CVE-2025-71396 SurrealDB before 2.2.2 Denial of Service via JavaScript Scripting CWE-770--2026-07-18
CVE-2025-71394 SurrealDB before 2.2.2 Local File Read via DEFINE ANALYZER CWE-22--2026-07-18
CVE-2025-71393 SurrealDB before 2.2.2 Memory Exhaustion via Nested Functions CWE-674--2026-07-18
CVE-2025-71392 SurrealDB before 2.2.2 SurrealQL Injection via export CWE-77--2026-07-18
CVE-2025-71391 SurrealDB before 2.2.2 Denial of Service via /sql endpoint CWE-248--2026-07-18
CVE-2025-71390 SurrealDB before 2.3.6 deny-net Bypass via DNS Resolution CWE-863--2026-07-18
CVE-2024-58370 SurrealDB before 1.1.0 Uncontrolled Recursion Denial of Service CWE-674 6.5 Medium2026-07-18
CVE-2024-58369 SurrealDB before 1.1.1 Denial of Service via Global Parameters CWE-248 6.5 Medium2026-07-18
CVE-2024-58368 SurrealDB before 1.1.0 Denial of Service via HTTP Headers CWE-248 7.5 High2026-07-18
CVE-2024-58367 SurrealDB before 2.0.4 Improper Authorization via SELECT Permissions CWE-285--2026-07-18
CVE-2024-58366 SurrealDB before 1.1.1 Format String via Scripting Functions CWE-134 8.5 High2026-07-18
CVE-2024-58365 SurrealDB before 1.2.0 Denial of Service via Nonexistent Function CWE-248 6.5 Medium2026-07-18
CVE-2024-58364 SurrealDB before 1.2.1 Denial of Service via Parsing Error CWE-248 6.5 Medium2026-07-18
CVE-2024-58363 SurrealDB before 1.5.4 Authentication Bypass via Database Switch CWE-287 6.3 Medium2026-07-18
CVE-2024-58362 SurrealDB before 1.5.5 Query Injection via RPC API CWE-75 8.8 High2026-07-18
CVE-2024-58361 SurrealDB before 2.0.4 Denial of Service via Parser Exception CWE-248 6.5 Medium2026-07-18
CVE-2024-58359 SurrealDB before 2.1.0 Denial of Service via rand() Sorting CWE-248 6.5 Medium2026-07-18
CVE-2024-58357 SurrealDB before 2.1.0 Denial of Service via rand::time() CWE-248 6.5 Medium2026-07-18
CVE-2024-58358 SurrealDB before 2.1.0 Denial of Service via Nonexistent Role CWE-248 4.9 Medium2026-07-18
CVE-2024-58356 SurrealDB before 2.1.4 Permission Bypass via DEFINE TABLE OVERWRITE CWE-276--2026-07-18
CVE-2023-54366 SurrealDB before 1.0.1 Insecure Default Table Permissions CWE-276 8.8 High2026-07-18
CVE-2026-63309 SurrealDB < 3.1.5 Information Disclosure via ORDER BY CWE-863 4.3 Medium2026-07-17
CVE-2026-49997 SurrealDB: Edge PERMISSIONS FOR delete bypassed when a connected node is deleted CWE-285 5.4 Medium2026-07-15

surrealdb 产品累计公开 26 条 CVE 漏洞,本页提供按时间倒序的完整列表,包含 CVSS、CWE、AI 中文摘要与可获取的 POC 链接。